[code]
Combofix Logfile:
ComboFix 10-09-24.05 - vvjj 25.09.2010 17:10:16.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1033.18.953.611 [GMT 2:00]
ausgeführt von:: c:\documents and settings\vvjj\My Documents\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\explorer.exe
c:\windows\system32\sda
c:\windows\system32\sda\SDPA7120.dll
C:\winlogon.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-25 bis 2010-09-25 ))))))))))))))))))))))))))))))
.
2010-09-21 11:38 . 2010-09-21 11:38 179 ----a-w- C:\virus.bat
2010-09-15 20:48 . 2010-09-15 20:48 724952 ----a-w- C:\avenger.zip
2010-09-15 20:47 . 2010-09-15 20:47 1036800 ----a-w- c:\windows\explorer.exe
2010-09-15 20:47 . 2010-09-15 20:47 513024 ----a-w- c:\windows\system32\winlogon.exe
2010-09-15 19:39 . 2010-09-15 19:47 -------- d-----w- C:\cofi19554c
2010-09-15 17:56 . 2010-09-15 18:03 -------- d-----w- C:\cofi
2010-09-15 17:41 . 2010-09-15 17:41 -------- d-----w- C:\_OTL
2010-09-13 20:52 . 2010-09-13 20:52 -------- d-----w- c:\documents and settings\vvjj\Application Data\Malwarebytes
2010-09-13 20:52 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 20:52 . 2010-09-13 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-13 20:52 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-13 20:45 . 2010-09-13 20:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 19:19 . 2010-09-05 19:19 -------- d-----w- c:\program files\Flip Video
2010-09-05 19:04 . 2010-09-05 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-09-03 18:00 . 2010-09-22 17:55 -------- d-----w- c:\documents and settings\vvjj\Application Data\vlc
2010-09-03 17:59 . 2010-09-03 17:59 -------- d-----w- c:\program files\VideoLAN
2010-08-30 18:47 . 2010-09-13 20:35 -------- d-----w- c:\program files\eMule
2010-08-29 07:10 . 2010-08-29 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 14:21 . 2009-06-11 08:59 -------- d-----w- c:\documents and settings\vvjj\Application Data\uTorrent
2010-09-18 14:16 . 2009-05-31 11:07 -------- d-----w- c:\documents and settings\vvjj\Application Data\Media Player Classic
2010-09-15 17:52 . 2009-05-19 17:05 -------- d-----w- c:\program files\CCleaner
2010-09-03 17:48 . 2009-08-04 20:43 -------- d-----w- c:\documents and settings\vvjj\Application Data\DivX
2010-09-02 11:31 . 2009-12-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2010-08-27 22:55 . 2009-05-25 16:57 -------- d-----w- c:\documents and settings\vvjj\Application Data\SogouPY
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 21:48 . 2010-07-29 21:48 -------- d-----w- c:\program files\QMI
2010-07-29 21:48 . 2009-05-20 22:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 15:49 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-05-20 15:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-08 18:48 . 2010-07-08 18:48 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2010-09-15 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2010-09-15 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-15_18.01.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-25 03:09 . 2010-09-25 03:09 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
- 2009-05-19 22:32 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2009-05-19 22:32 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2008-04-14 12:00 . 2008-04-14 12:00 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 406016 c:\windows\system32\usp10.dll
+ 2008-04-14 12:00 . 2010-04-05 09:54 384512 c:\windows\system32\mp4sdmod.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 384512 c:\windows\system32\mp4sdmod.dll
+ 2009-05-19 16:52 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-04-14 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-04-14 12:00 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-14 12:00 . 2010-04-05 09:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2009-05-19 16:52 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PokerStrategy\\PokerStrategy Equilator\\Equilator.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\vvjj\\My Documents\\Downloads\\qq2009sp6_installer.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\auclt.exe"=
"c:\\spiele\\Qianhong\\Qianhong.exe"=
"e:\\Diablo\\diablo.exe"=
"c:\\Program Files\\SogouInput\\5.0.1.4185\\PinyinUp.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.05.2009 19:33 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01.02.2008 04:02 65536]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.05.2009 19:02 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [21.05.2009 00:59 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [21.05.2009 00:37 43608]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11.06.2009 11:00 234888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [21.08.2009 23:39 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [21.08.2009 23:39 3072]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.06.2010 20:04 691696]
.
Inhalt des "geplante Tasks" Ordners
2010-09-25 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\501~1.418\SGTool.exe [2010-06-25 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: ???QQ?? - c:\program files\Tencent\QQ\Bin\AddEmotion.htm
TCP: {3BB7F6C7-0862-4303-A207-4C8B05C3659B} = 202.96.69.38 202.96.64.68
DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab
FF - ProfilePath - c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-25 17:12
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2025429265-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\program files\Citrix\ICA Client\pnsson.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(828)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Zeit der Fertigstellung: 2010-09-25 17:14:24
ComboFix-quarantined-files.txt 2010-09-25 15:14
ComboFix2.txt 2010-09-15 19:47
ComboFix3.txt 2010-09-15 18:02
Vor Suchlauf: 5.759.598.592 bytes free
Nach Suchlauf: 5.747.945.472 bytes free
- - End Of File - - 044726E793154AC2AB60AFDEB4BD1D4A